Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

LMS 3.2: Compliance Mngt with two submodes

Hi,

I would like to know, how to test e.g. inspect commands.

ASA-config:

policy-map global_policy
class inspection_default
  inspect dns preset_dns_map
  inspect ftp
  inspect h323 h225
  inspect h323 ras
  inspect rsh
  inspect rtsp

......

How to write the compliance rules, if two submodes are needed ?

I tried (without success) two rules with parent and child (with or without prerequisite of the parent):

Name: inspection      SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: none
  policy-map   global_policy
#

Name: inspectionsub     SubMode: Yes      isPrerequisite: No
Ordered : No     Prerequisite-Commandset : none     Parent: inspection
  class   inspection_default
  -   inspect   esmtp
  -   inspect   sqlnet

Ideas anyone ?

Thank you,

Holger

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Re: LMS 3.2: Compliance Mngt with two submodes

RME doesn't break out all of the sub-modes of the ASA.  Only interfaces are broken out into sub-modes.  To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

1 REPLY
Cisco Employee

Re: LMS 3.2: Compliance Mngt with two submodes

RME doesn't break out all of the sub-modes of the ASA.  Only interfaces are broken out into sub-modes.  To make sure the "inspect sqlnet" and "inspect esmtp" commands aren't in the config, you'd have to check in global mode.

179
Views
0
Helpful
1
Replies